Google Cloud Apigee Certified API Engineer
Google Cloud Training Architect II in Content
An Apigee Professional API Engineer designs, builds, and maintains API proxies. The API Engineer responsibilities include cross-cutting business concerns like authentication, authorization, monitoring, logging, governance, and documentation. API Engineers also consider API design features like consistency, usability, and versioning. Finally, the API Engineer measures and drives success of the API program and is responsible for the documentation, promotion, and evangelism of its products.
Welcome to the Google Cloud Apigee Certified API Engineer course here at Linux Academy! I’m glad you’re here! Working with APIs and API proxies in general and the Apigee API Management platform in particular is really exciting. With APIs and Apigee, you’re literally at the center—the heartbeat, if you will—of the modern digital workplace and marketplace, right between thousands of apps on millions of devices and the vast number of services that they connect and depend on. In this lesson, I’ll give you a brief overview of what the course covers.
About the Training Architect
Meet the training architect of this course, Joseph Lowery. Joe has been working with Google Cloud for over five years, transitioning websites to the cloud via App Engine, Compute Engine, Cloud Storage, Cloud Datastore, and other services. He is Linux Academy's training architect for Google Cloud Essentials, Google Kubernetes Engine Deep Dive, Google App Engine Deep Dive, and Google Cloud Functions Deep Dive, as well as a full slate of Hands-On Labs for Google Cloud.
Setting Up Your Apigee Account
Before we really begin exploring Apigee, you should make sure you have the opportunity to do so yourself and sign up for a free Apigee account, if you don’t already have one. In this lesson, I’ll walk you through the simple process and layout the restrictions you need to be aware of. I guarantee you—it’s quick and easy, and if you want to take the Apigee API Engineer certification, absolutely necessary.
Understanding Google Cloud Apigee
This lesson is the first in the Designing APIs section, and as such, we’ll use it to take a relatively high-level overall view of APIs and API proxies in general, and—more specifically—Google Cloud Apigee. There are a great number of metaphors that are used to explain APIs and API proxies—I’ve seen gateways, hotel concierges, and even restaurant menus. Bridges, like the one pictured here, are another—especially those that have attendants who can affect traffic patterns or even monetize that traffic. I thought this photo was especially fitting for this section because the person on the left, watching from a great distance and overseeing it all to get a better sense of the pattern and flow, reminds me of where we are now in this course: ready to get an overall understanding of what an API engineer is responsible for and how it all works.
Data Modeling Best Practices
When designing your API proxy, your first question might be: Where do I start? If possible, the best place to start is structuring the data model on the backend service. I know this is definitely the best-case scenario, as many API developers will be working with a data model already in place, but since we want to address the best practices, why not go for the gold? Structuring your data model with your API in mind will definitely make it easier to access, update, and maintain. It’s a win all across the board. This lesson will explore how your data should be structured to achieve the optimum API performance.
Strategies for Designing APIs
In the last lesson, we talked about how best to model your data when considering creating an API. Now, we’ll turn to actually designing the API proxy itself. There are numerous approaches that can be taken overall, and we’ll discuss which is the best route in general. We’ll also look at how to structure your API for coding efficiency through shared flows and flow hooks. Finally, I’ll make you aware of some of the possibilities when it comes to access control, including scoping resources and roles.
Applying RESTful Design
By far, the most common technique for an app to send an HTTP request to an API is REST—short for Representational State Transfer—and basically means that each unique URL is a representation of some object. The core required operations of an app request—creating, reading, updating and deleting data—are deftly handled by a familiar set of HTTP verbs. In this lesson, we’ll detail those verbs and show how they are used in an API request. Additionally, we’ll look at the best way to handle advanced requests that incorporate filtering, without incorporating complex paths.
Structuring API Paging Design
Chances are, the data an app is requesting from a service is more substantial than the device can comfortably display at one time. That’s why delivering a response in segments—or pages—is a common technique in APIs. In this lesson, we’ll take a look at the recommended methods for handling paging, including specific fields in both requests and responses.
Driving API Consumption
Having designed an API, how do you bring it to market and attract developers who will use it to create apps that reach your customers? Once you have built it, how can you ensure that developers will come? And not only that, how will you ensure their success? There are a few key elements to consider. First and foremost, documentation—you want to make your API as straight-forward to implement as possible. The best way to do that is to adhere to the standard: OpenAPI specifications. As you’ll see in this lesson, working with OpenAPI specifications has multiple benefits. After your API is well documented and available, you’ll want to bring in the developers—and one of the best strategies is to build a community dedicated to your API products. We’ll cover the key points for just such an approach.
Handling Revisions and Versions
No matter how perfect you think your API is—if it’s active for any length of time—there’s no doubt that it will need to be revised and updated. It’s best to have a firm grasp of how revisions and versions impact APIs so you’ll understand how best to implement them. In this lesson, we’ll first take a look at the distinctions between the two—each are handled totally differently. Next, we’ll look at a number of strategies for integrating different versions with your API from the user perspective, and I’ll tell you which is considered the best. Finally, we’ll look at the timing involved with releasing a new version, how to manage it appropriately with your developers in mind, and how to deal with the previous versions.
Exploring the Apigee User Interface
We’ve spent almost this entire section laying the foundation for API design. Now that you have a handle on the best practices of API design, it’s time to talk about how you’ll go about implementing them, with a tour of the Apigee user interface—more specifically, the Apigee Edge UI. Apigee Edge is the service in the Apigee platform dedicated to creating and managing your API proxies throughout its life cycle. In this lesson, we’re going to take a look at the initial components of that life cycle: design, develop, secure, and publish. Let’s get started. Link: https://cloud.google.com/apigee
Developing, Implementing, and Securing APIs
Understanding the OpenAPI Spec
We touched on the OpenAPI in a previous lesson, and now it’s time to dig deeper—because this specification is truly a living document that both creates and reveals your API proxy. In this lesson, I’ll give you some background on the OpenAPI specification, and then we’ll cover each of the primary sections as we look at a full working example.
Creating API Proxies on Apigee Edge
Finally it’s time to create an API proxy using the Apigee Edge user interface. In this lesson, we’ll build a simple proxy, test it to verify that it’s working properly, and then start to develop it—changing the endpoint, adding a policy—all the while retesting to ensure our progress.
Error Conditions and Fault Handling
In our lessons so far, everything has gone exceedingly well and there have been no errors. But you and I know that’s not the real world. In the real world of APIs, errors occur. Errors can be accidental, like a misspelled query parameter, intentional, such as attempted unauthorized access, or because of a condition the API developer imposed, such as a quota being exceeded. Whatever causes an error, it needs to be handled and Apigee has a very robust mechanism for doing just that, as you’ll see in this lesson. Please note: In this lesson, I used the AssignMessage policy to generate a custom error response. Given the context, it would have been more appropriate to use the RaiseFault policy to accomplish the same end result. When time allows, I will update the course accordingly.
Exploring Mediation Strategies
In our first attempt at creating an API proxy in Apigee, we added a policy that converted the XML response from the server to a JSON format, for the requesting client app. In Apigee, this type of policy is referred to as a mediation policy. As you’ll see in this lesson, mediation policies are used to affect either the request or the response—really fulfilling the API proxy’s function as an intermediary. There are 9 different mediation policies in all, and this lesson’s goal is to familiarize you with them all.
Enforcing API Security
It seems like every day another story emerges revealing how some valuable data was stolen from an online service. The entire business model of APIs is to intentionally expose such data—but only to trusted apps and individuals. Security is absolutely critical when it comes to API proxies, and Apigee offers a wide range of policies in this area—16 in all—organized into 11 groupings that we will discuss throughout this lesson.
Addressing Content-Based Attacks
Extracting Data from Payloads
In previous lessons, you’ve seen how Apigee can modify a request or a response via its mediation policies and protect services with its security policies. Apigee can also inspect the content passed from the app to the service—and vice versa—and pull out any of that information to use for additional processing. In this lesson, I’ll show you how to get data from a JSON payload sent as part of a response from a server.
Handling Traffic Spikes
In earlier lessons on security, we focused on malicious acts to disrupt your API’s service. However, not all disruptions are caused intentionally. Your API might gain a sudden boost in popularity and everyone wants to use it, which causes spikes and can result in downtime. While this is what is referred to as a “good” problem, it’s still a problem. In this lesson, I’ll show you how to avoid such issues by using the Spike Arrest policy.
Tracing Requests and Responses
An Apigee API proxy has a lot of moving parts—13 different potential flows, any number of policies affecting both requests and results—all needed to work together in the most efficient way possible. Keeping track of what’s going on is critical—and Trace, Apigee Edge’s built-in visual debugger, is the perfect tool for the job. In this lesson, we’ll explore Trace in some depth, and I’ll explain what the various symbols mean and show you how you can get the information you need to improve your APIs with this tool.
Applying Role-Based Access Control
While its possible for a single person to develop, publish, and maintain a company’s API proxy, it’s far more likely that a team of people will be involved. The more people you have working on a project, the more likely that you’ll want to assign them specific roles in order to restrict their access. For example, you might have one person who creates your APIs and another who deploys and tests them – and you want to ensure than neither does the other’s job. In this lesson, we’ll explore Apigee’s role-based access by looking at how the platform handles both roles and users.
There are numerous situations where you need to pass runtime gathered data to the backend – and you want to ensure that the data is secure at every step of the way. Apigee’s Key Value Maps are perfect for this. They store key/value string pairs in easily retrievable variables – and the variables can be encrypted with the click of a checkbox. In this lesson, I’ll show you how to create an encrypted key value map, integrate the values into an Apigee policy so that they are kept hidden and then use them in a common scenario.
The Development Lifecycle and CI/CD
Automating Build and Deployment
While the user interface for Apigee Edge is extremely straight-forward and powerful, once you get into the iterative process of revising, testing, deploying, revising, testing, deploying, and on and on, you may want to find a more developer-centric path. Luckily, you’re not alone and great number of tools have emerged to help automate the process of building and deploying API proxies. In this lesson, we’ll take a look at how one such tool –Apache Maven—works and how to configure the necessary files.
Running Unit and Integration Tests
Testing is critical in software development of any kind and API proxies are no different. There are a number of different types of tests – and, in this lesson, we’ll discuss best practices for implementing two of them when crafting an Apigee API proxy: unit tests and integration tests.
Implementing Static Code Analysis
In addition to making sure your API proxy and its custom code are working properly, you also want to ensure it shines! You can polish your code through a process known as static code analysis. Not only does static code analysis help debug your code, it also points out any inconsistencies, validates your code against compliance standards, and addresses weaknesses that might lead to vulnerabilities. In this lesson, I’ll familiarize you with the tool often used for static code analysis with Apigee Edge and show you how to use the Apigee Edge Management API to export your API for analysis.
Proxy SDLC Strategies
SDLC is short for Software Development Lifecycle. SDLC is the process used to design, develop, and test software. There are numerous approaches to the various stages in the cycle, but the generally accepted ones include planning, defining, designing, building, testing, and deployment – and then the cycle starts again with planning the next round of features and enhancements. Much of SDLC is focused on the automation of the process, which is often termed the CI/CD pipeline – Constant Integration, Constant Delivery. In this lesson, we’ll take a look at 4 different CI/CD patterns for your Apigee API Software Development Lifecycle.
Setting API Performance Benchmarks
Knowledge is power or so the saying goes – and nowhere is that truer than when dealing with APIs. There are so many aspects that are beneficial to track: API traffic, most used API methods, most active developers, most active apps, response time, geographic activity and so on. And everyone in the API eco-system benefits from gathering this information: the API devops team, the backend service leaders, and app developers. In this lesson, we’ll explore the wealth of information that Apigee makes available
Requirements and Business Analysis
Managing API Products
Now it’s time to tie it all together: proxies, developers and apps – in one tight, efficient bundle: the API product. API products are what developers register their apps for. And as such, API proxy developers can present their API proxies in a variety of packages. API products are, essentially, the API proxy product line. Moreover, products are essential secure link bridging apps and proxies. In this lesson, I’ll show you how to use Apigee to create a product that works for developers, apps, and your proxies.
Conducting Requirements Analysis
Part of Apigee Proxy and Product development is figuring out exactly what the business requirements are of the target market. Another part is understanding how you can put those requirements to work. In this lesson, I’ll show you two ways you can customize properties and attributes at the product level to make your API product line a better fit for your potential and existing consumers.
Leveraging the Edge Microgateway
In addition to the cloud version of Apigee Edge, which we have been focused on in this course, there is also a on-premises version called Apigee Edge for Private Cloud – which is not covered in the Google Cloud Apigee Certified API Engineer exam – and the Apigee Edge Microgateway, which is. In this lesson, we’ll examine the Edge Microgateway, how it works, it’s benefits, and typical use cases.
Preparing for the Exam
Congratulations! You’ve made it through all the lessons. I hope you enjoyed your journey so far and looking forward to the next step—which leads to your overall goal: certification! In this lesson, we’re going to cover 3 main topics: what the exam is like, how to prepare for it, and a couple of example questions to give you a better idea of what you’re in for. Let’s dive in.
Google Cloud Apigee API Engineer Practice Exam
Take this course and learn a new skill today.
Transform your learning with our all access plan.Start 7-Day Free Trial